
image upload problem with Adobe CS3?

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=25113
Printed Date: 04 April 2026 at 3:32am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: image upload problem with Adobe CS3?
Posted By: dfrancis
Subject: image upload problem with Adobe CS3?
Date Posted: 07 January 2008 at 5:10pm
Hey Bruce,
 
I noticed in the version notes
 
"2. functions/functions_upload.asp - fixed upload image issue when images are created in Adobe CS3"
 
Can you explain what the problem (and solution) was?


-------------
“If you want things to be different, you must be willing to do different things!” http://www.DavidFrancis.org/?wwf=signature - David Francis






Replies:
Posted By: WebWiz-Bruce
Date Posted: 07 January 2008 at 5:58pm
IE, having as many security holes as a piece of cheese, will run scripting code hidden in an image file as script, thus a hacker can hide malicious scripting code in a file which appears to be an image. Other browsers won't run the scripting code but IE does!

This issue was dealt with in previous releases of Web Wiz Forums to protect those people silly enough to run a security hole like IE, by scanning uploaded images for malicious code.

This works fine except with images created in Adobe Photoshop, where Adobe hides XML within the image file containing some image properties, and details of the Adobe software that created or edited the image file.

The solution was to strip Adobe's hidden XML content from images before checking the file for malicious code, thus preventing the image from being rejected for having the hidden content.


-------------
https://www.webwiz.net/web-wiz-forums/forum-hosting.htm - Web Wiz Forums Hosting
https://www.webwiz.net/web-hosting/windows-web-hosting.htm - ASP.NET Web Hosting


Posted By: WebWiz-Bruce
Date Posted: 07 January 2008 at 6:03pm
This is the type of XML Adobe appends to the end of an image:-


<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1.1-112">
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about=""
xmlns:xapMM="http://ns.adobe.com/xap/1.0/mm/">
<xapMM:DocumentID>uuid:9610BF8166AEDC11AC11AC3F8BCA2200</xapMM:DocumentID>
<xapMM:InstanceID>uuid:9710BF8166AEDC11AC11AC3F8BCA2200</xapMM:InstanceID>
</rdf:Description>
<rdf:Description rdf:about=""
xmlns:xap="http://ns.adobe.com/xap/1.0/">
<xap:CreateDate>2007-12-10T17:20:45-06:00</xap:CreateDate>
<xap:ModifyDate>2007-12-19T13:15:13-06:00</xap:ModifyDate>
<xap:MetadataDate>2007-12-19T13:15:13-06:00</xap:MetadataDate>
<xap:CreatorTool>Adobe Photoshop CS2 Windows</xap:CreatorTool>
</rdf:Description>
<rdf:Description rdf:about=""
xmlns:dc="http://purl.org/dc/elements/1.1/">
<dc:format>image/jpeg</dc:format>
</rdf:Description>
<rdf:Description rdf:about=""
xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/">
<photoshop:ColorMode>3</photoshop:ColorMode>
<photoshop:History/>
</rdf:Description>
<rdf:Description rdf:about=""
xmlns:tiff="http://ns.adobe.com/tiff/1.0/">
<tiff:Orientation>1</tiff:Orientation>
<tiff:XResolution>720000/10000</tiff:XResolution>
<tiff:YResolution>720000/10000</tiff:YResolution>
<tiff:ResolutionUnit>2</tiff:ResolutionUnit>
<tiff:NativeDigest>256,257,258,259,262,274,277,284,530,531,282,283,296,301,318,319,529,532,306,270,271,272,305,315,33432;C205A82675DFD493628EFA61EB26CFFF</tiff:NativeDigest>
</rdf:Description>
<rdf:Description rdf:about=""
xmlns:exif="http://ns.adobe.com/exif/1.0/">
<exif:PixelXDimension>100</exif:PixelXDimension>
<exif:PixelYDimension>100</exif:PixelYDimension>
<exif:ColorSpace>-1</exif:ColorSpace>
<exif:NativeDigest>36864,40960,40961,37121,37122,40962,40963,37510,40964,36867,36868,33434,33437,34850,34852,34855,34856,37377,37378,37379,37380,37381,37382,37383,37384,37385,37386,37396,41483,41484,41486,41487,41488,41492,41493,41495,41728,41729,41730,41985,41986,41987,41988,41989,41990,41991,41992,41993,41994,41995,41996,42016,0,2,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,20,22,23,24,25,26,27,28,30;BB7CEADA91F72DEAF25ED3D97F85DB3C</exif:NativeDigest>
</rdf:Description>
</rdf:RDF>
</x:xmpmeta>





Posted By: dfrancis
Date Posted: 07 January 2008 at 6:27pm
Thanks... that is very interesting. I've recently become quite familiar with Adobe CS3 as well as Mac due to the new magazine. Image management is huge in my business more than ever and that hidden EXIF data is most useful. But I can see how it is not necessary on avatars, that's for sure.
 
Thanks for the explanation my friend.







Posted By: Ritchie
Date Posted: 15 January 2008 at 11:07am

Hello, Bruce!
We still have a problem with uploading of the images. Here, at http://www.videozona.ru/imgs/try_it.jpg, you can find the photo saved in Adobe CS2. When we try to upload it, we get a message about wrong file format.



-------------
The deeper into the forest, the fatter the partisans


Posted By: WebWiz-Bruce
Date Posted: 15 January 2008 at 11:25am
We now have a bunch of images created in different versions of Photoshop to test with and have found a few other issues.

It seems that the XML created by Adobe isn't always formatted in the same way and in the same case!

We are working on trying to fix this, then again if Microsoft finally patch the image vulnerability bug in IE that we are trying to protect against we may not need to parse images anymore and thus not have this issue with Adobe created images.





Posted By: StarDust
Date Posted: 15 January 2008 at 4:36pm
-boRg-,

I think with CS3, Firefox causes the same problem. It has something to do with the way Photoshop saves the metadata into a JPEG.


-------------
http://board.ebizbd.net/ - Tips, mods and skins for WWF v9.x


Posted By: WebWiz-Bruce
Date Posted: 15 January 2008 at 5:09pm
It doesn't matter what browser you use to upload the image; it has to be parsed for malicious code, as you don't know what browser the person viewing the image at a later date will be using.

You also want to keep malicious code off the server, so although the parsing of images for malicious code is done to protect IE users viewing the image, it's also good practice not to have the malicious code on the server in the first place.

The problem with images saved in Photoshop and other Adobe software is that it places XML code into the JPEG image. This then gets flagged up as malicious code because of some of the content of the XML Adobe places into the JPEG.

The added problem of trying to detect this is that the XML isn't constant as it's not always the same.

The problem is trying to find a way to scan the Adobe images without them being flagged as containing malicious code. If you are not careful then a hacker could get round the protection by hiding the malicious code with the Adobe XML, making it very difficult to spot, especially as Adobe's XML is not constant.

I personally am glad I don't use Photoshop, as what is the point in compressing a JPEG image to as small as possible for the web if Adobe are then going to bloat it with a load of hidden XML. OK, it's only 3kb, but if you have a lot of images on a page that can mount up.

This XML information is only useful to the person who created the image and to Adobe for tracking how many images are made in their software, so if you are saving for the web I don't think Adobe should be hiding this XML in the JPEG.


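Added example, not Web Wiz Forums code (which is classic ASP) and not part of the thread: one way to handle the bypass concern raised in the post above is to store the stripped image rather than only scan a stripped copy, so anything hidden in the Adobe XML never reaches the server. This Python sketch assumes JPEG uploads; the marker list and the names `strip_jpeg_metadata`, `sanitize_upload` and `build_sample` are assumptions made for illustration.

```python
import struct

XMP_HEADER = b"http://ns.adobe.com/xap/1.0/\x00"  # identifier that opens an XMP APP1 segment
SCRIPT_MARKERS = (b"<script", b"<html", b"<body", b"javascript:")  # assumed list, not Web Wiz's

def strip_jpeg_metadata(data: bytes) -> bytes:
    """Copy a JPEG segment by segment, dropping APP1-13, APP15 and COM.
    APP0 (JFIF) and APP14 (Adobe colour transform) are kept for decoding."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    out, pos = bytearray(b"\xff\xd8"), 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        end = pos + 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if end < pos + 4 or end > len(data):
            raise ValueError("bad segment length")
        if marker == 0xDA:  # SOS: scan data follows, FF bytes in it are stuffed
            eoi = data.find(b"\xff\xd9", end)
            if eoi < 0:
                raise ValueError("missing EOI marker")
            return bytes(out + data[pos:eoi + 2])  # bytes after EOI are dropped
        if not (0xE1 <= marker <= 0xED or marker in (0xEF, 0xFE)):
            out += data[pos:end]  # structural segment (tables, frame header): keep
        pos = end
    raise ValueError("no SOS segment found")

def sanitize_upload(data: bytes):
    """Return (bytes_to_store, None) on success or (None, reason) on rejection."""
    try:
        clean = strip_jpeg_metadata(data)
    except ValueError as exc:
        return None, str(exc)
    lowered = clean.lower()  # case-insensitive: markers may use any case
    for marker in SCRIPT_MARKERS:
        if marker in lowered:
            return None, "script marker %r left in image data" % marker
    return clean, None

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

def build_sample(xmp: bytes, scan: bytes = b"\x12\x34", trailer: bytes = b"") -> bytes:
    """Constructed segment skeleton (not a decodable picture) for the demo."""
    return (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(0xE1, XMP_HEADER + xmp) + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")
            + scan + b"\xff\xd9" + trailer)
```

Because the metadata is removed by segment type rather than by matching the XML text, the varying case and layout of Adobe's XML does not matter, and the stored file is identical whatever the metadata contained.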


